News & Analysis as of

Stakeholders Weigh-in on the NIST Cybersecurity Framework

In February 2014, the National Institute of Standards and Technology (NIST) published the Cybersecurity Framework, a voluntary framework designed to provide a “cost-effective means for critical infrastructure to identify,...more

NIST Framework Adoption Linked To Higher Security Confidence

A recent market survey of 338 IT and security professionals has revealed that adoption of the U.S. National Institute of Standard and Technology (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity has led...more

New Guidance Maps HIPAA Security Rule to NIST Cybersecurity Framework to Help Providers Manage Cybersecurity Risk

In a world of looming data breaches and significant penalties for the release of protected health information, the complexities of cybersecurity and compliance with the HIPAA Security Rule can be incredibly daunting. In 2014,...more

Phase 2 of HIPAA Compliance Audits Now Underway

The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (DHHS) recently announced that it has initiated Phase 2 of its audit program to assess Covered Entities’ and Business Associate’s...more

Blog: HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance...more

HHS Office For Civil Rights Releases A Crosswalk Between HIPAA Security Rule And NIST Cybersecurity Framework

At the end of February, the Department of Health and Human Services (“HHS”) released a table, called a “crosswalk,” that maps standards and implementation specifications of the Health Insurance Portability and Accountability...more

Capitalizing on Collaboration – The President’s Precision Medicine Initiative

Last week President Obama marked the one year anniversary of his Precision Medicine Initiative (“PMI”) by holding a web-accessible panel discussion where he and interested stakeholders discussed his PMI initiative, its...more

CFTC’s New Proposed Rules Mandate Extensive Cybersecurity Testing; Comments Due Feb. 22, 2016

On December 16, 2015, the Commodity Futures Trading Commission (“CFTC”) released two Notices of Proposed Rulemaking (“NPRMs” or “Proposed Rules”) that would, if finalized, supplement existing regulations covering the...more

FDA Issues Draft Guidance Governing Postmarket Cybersecurity Risk Management Standards

On January 15, 2016, the U.S. Food and Drug Administration (FDA) announced in a Press Release that it would issue draft guidance on January 22 outlining “steps medical device manufacturers should take to continually address...more

BIMCO issues cybersecurity guidelines for ships

Last week, BIMCO, along with other shipping organizations, “launched” guidelines “to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident on-board...more

Also In the News - Data, Privacy, & Security Practice Report - December 2015 #2

Harmonizing Cybersecurity And Trade Secret Protection – Many companies are investing heavily in cybersecurity and implementing a framework such as the Cybersecurity Framework from the National Institute of Standards and...more

NIST seeks comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST) developed and issued its voluntary “Framework for Improving Critical Infrastructure Cybersecurity” (Framework) in response to a 2013 Executive Order in February of...more

Recent Government Cyber Alert and Draft Guide for Financial Institutions: Lessons for All Organizations

All organizations, including financial institutions, continue to face significant security threats across their wide ranging IT systems. Such organizations are particularly vulnerable if they cannot track networked devices...more

What the Recent NAIC Financial Condition Examiners Handbook Changes Mean for Insurers

On September 21, 2015, the National Association of Insurance Commissioners (NAIC) IT Examination Working Group adopted amendments to the IT section of the Financial Condition Examiners Handbook (“the Handbook”). The changes...more

Disclosure Of Numerous Hacks At The U.S. Department Of Energy Renews Cybersecurity Concerns In The Energy Sector

Records produced by the U.S. Department of Energy (“DOE”) to USA TODAY under a Freedom of Information Act request revealed over 150 successful cyber intrusions into DOE computer systems between 2010 and 2014. Concerns about...more

FTC Can Regulate Cybersecurity Practices, Third Circuit Rules

The Federal Trade Commission (FTC) can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act, the U.S. Court of Appeals for the Third Circuit has ruled in a very important...more

Security Frameworks 101: Which is Right for my Organization?

These days information security is on the minds of virtually all technology professionals and business executives alike. But how does an organization ensure that their security profile is adequate. It can certainly help to...more

Federal Appeals Court Recognizes for the First Time the FTC’s Authority to Enforce Cybersecurity Practices

On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more

NIST Publishes Cybersecurity Standards Objectives

The National Institute of Standards and Technology has published a draft of its objectives for cybersecurity standardization, following in many ways the consultative model that it used successfully in drafting the NIST...more

FFIEC Cybersecurity Assessment Tool: Not Just For Financial Institutions

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released its long anticipated Cybersecurity Assessment Tool (press release here). The FFIEC is a formal interagency organization empowered to...more

FFIEC’s Cybersecurity Assessment Tool: Guidance for CEOs and Boards - Senior Management and Boards Should Be Actively Addressing...

The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool (CAT) on June 30, 2015, to assist organizations in identifying cyber risks and assessing their cybersecurity...more

FFIEC’s Cybersecurity Assessment Tool: Guidance for CEOs and Boards - Senior Management and Boards Should Be Actively Addressing...

The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool (CAT) on June 30, 2015, to assist organizations in identifying cyber risks and assessing their cybersecurity...more

Congressional Action Supports Improvement of Cybersecurity for Critical Infrastructure and Beyond

None of us in the United States – no family or individual, no industry or business, and no government agency – is immune from the potential devastation that cyber-attacks can wreak. No particular reminder is needed. Each day,...more

Privacy & Cybersecurity Update - March 2015

In This Issue: - Dismissal in P.F. Chang’s Data Breach Case Shows Challenge Plaintiffs Face in Such Actions - Eleventh Circuit Court of Appeals Decision Underscores the Need to Evaluate Insurance Programs for Cyber...more

Effective cybersecurity: 8 questions for you and your team

Cybersecurity has become a top-tier risk for US and multinational organizations. It is only a matter of time before a determined hacker will penetrate your organization’s system and successfully exfiltrate some data. (Indeed,...more

110 Results
|
View per page
Page: of 5
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×